Community discussions

MUM Europe 2020

Search found 30 matches

by realdreams
Sun Dec 20, 2015 6:32 am
Forum: Announcements
Topic: FastTrack - New feature in 6.29
Replies: 237
Views: 142399

Re: FastTrack - New feature in 6.29

ip/firewall/filter chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix="" chain=forward action=accept connection-state=established,related log=no log-prefix="" Only a test in RB750g, no result... Same on RB750G 6.33.3, fasttrack filter rule counter is ti...
by realdreams
Sun Dec 20, 2015 6:27 am
Forum: Announcements
Topic: FastTrack - New feature in 6.29
Replies: 237
Views: 142399

Re: FastTrack - New feature in 6.29

No fastpath or fasttrack on x86 for now...
or ever? Isn't fastpath/fasttrack using hardware specific capabilities? And for x86, why do you even need it?
by realdreams
Fri Nov 27, 2015 4:30 am
Forum: General
Topic: IPv6 experience ... and needs.
Replies: 7
Views: 2045

Re: IPv6 experience ... and needs.

So
1) How to run multiple DHCPv6 client?
2) How to change DUID? I changed the interface MAC but that had no effect on DUID
by realdreams
Wed Nov 11, 2015 11:31 am
Forum: General
Topic: DHCPv6 PD troubleshooting
Replies: 3
Views: 638

Re: DHCPv6 PD troubleshooting

What protocol do you want to use where? The inside and outside of the router can (and usually will) use different protocols. Here I use DHCPv6 on the outside to get an prefix pool and allocate prefixes to the internal interfaces from that pool, but on the inside I don't use DHCPv6 but just SLAAC. S...
by realdreams
Wed Nov 11, 2015 11:09 am
Forum: General
Topic: DHCPv6 client new DUID?
Replies: 0
Views: 589

DHCPv6 client new DUID?

How can I get a new DUID for DHCPv6 client? and how to run multiple instances of DHCPv6 client on the same interface? I remember seeing somewhere RouterOS generates DUID based on first available hardware MAC, so it can't be changed? I need a new DUID for troubleshooting.
by realdreams
Thu Nov 05, 2015 8:35 pm
Forum: General
Topic: DHCPv6 PD troubleshooting
Replies: 3
Views: 638

DHCPv6 PD troubleshooting

I am on Time Warner Cable with Arris TG1672G (TS0800124_110614_16XX.GW_PC20_TW) IPv6 worked fine and I could get a /56 prefix assigned to me. Now the DHCPv6 client just says searching and I can no longer get IPv6 working. No config changes (upgraded from 6.32.2 to 6.32.3). DHCPv6 packet counter in f...
by realdreams
Mon Jul 27, 2015 6:02 pm
Forum: Announcements
Topic: v6.30.2 bugfix release
Replies: 148
Views: 39005

Re: v6.30.2 bugfix release

pptp server is still broken in 6.30.2
ppp,error,critical 16: Encryption got out of sync - disabling

Is it a MTU related issue?
by realdreams
Mon Jul 27, 2015 5:56 pm
Forum: General
Topic: ppp,error,critical 16: Encryption got out of sync - disabling
Replies: 1
Views: 2057

ppp,error,critical 16: Encryption got out of sync - disabling

Console logging
echo: ppp,error,critical 16: Encryption got out of sync - disabling

Nothing in syslog, pptp connectivity lost but the link stays up in ppp

version 6.30.1 (wasn't this bug supposed to be fixed in 6.30)
by realdreams
Fri Mar 27, 2015 6:20 am
Forum: General
Topic: large amount of firewall input drop from NAT
Replies: 4
Views: 691

Re:

Any timeout that was below 5 seconds.
I increased all timers by x2 and still see some of these dropped packets. Some from Google's server 80/443 TCP RST or SYN
by realdreams
Wed Mar 25, 2015 12:55 am
Forum: General
Topic: large amount of firewall input drop from NAT
Replies: 4
Views: 691

Re:

I had this issue when on a ads line. Solution was to 3x the timeout on connection tracking.
Which timeout did you change?
by realdreams
Mon Mar 23, 2015 12:53 am
Forum: General
Topic: large amount of firewall input drop from NAT
Replies: 4
Views: 691

large amount of firewall input drop from NAT

In the firewall the first 5 rules are #1 input ICMP accept #2 input established accept #3 input related accept #4 input OpenVPN UDP/port accept #5 input any drop & log I am getting 100K dropped packets from rule #5 within 12 hours. The majority of them seems to be TCP RST, TCP FIN from NAT transacti...
by realdreams
Sun Mar 22, 2015 6:30 pm
Forum: General
Topic: Wiki registration?
Replies: 1
Views: 460

Wiki registration?

Is the wiki editing restricted to employees/partners only?
by realdreams
Sun Mar 22, 2015 5:26 pm
Forum: General
Topic: OpenVPN IPv6 client
Replies: 1
Views: 1285

Re: OpenVPN IPv6 client

OpenVPN feature request:
  • IPv6 inside the tunnel
    IPv6 as a transport
by realdreams
Sun Mar 22, 2015 5:17 pm
Forum: General
Topic: Feature request: OpenVPN compression LZO and UDP
Replies: 200
Views: 94688

Re: Feature request: OpenVPN compression LZO and UDP

+1 to implement the 4 unsupported features of OpenVPN... I never thought a working VPN server could do without those features
by realdreams
Sun Mar 22, 2015 5:09 pm
Forum: Scripting
Topic: script debugging?
Replies: 5
Views: 2936

Re: script debugging?

There doesn't seem to be a syntax error here... Certainly not a parse time one. I can add it to "/system script" with no problem, and I don't see any "I" flag... It seems that flag there refers to something else. Try to copy and paste the source into a new script, and remove the old one. Again, to ...
by realdreams
Sun Mar 22, 2015 3:19 pm
Forum: Scripting
Topic: script debugging?
Replies: 5
Views: 2936

Re: script debugging?

AFAIK, when you run a script, if there's a parse time error, the whole script will abort. If it's a post-parse time, all lines before the offending line will run normally, and the fatal one will show either a syntax error or runtime error, after which the whole script terminates. Stuff like mismatc...
by realdreams
Sun Mar 22, 2015 9:51 am
Forum: Scripting
Topic: script debugging?
Replies: 5
Views: 2936

script debugging?

What behaviors should I expect when the script encounters an error (syntax error, runtime error etc)? Does it continue or abort? And will there be any output if not explicitly specified in the script with log command? When I print the script I see "Flags: I - invalid" but there is no syntax error. A...
by realdreams
Thu Oct 09, 2014 11:12 am
Forum: General
Topic: RouterOS 6 webbox Error 501: Not Implemented
Replies: 2
Views: 4490

Re: RouterOS 6 webbox Error 501: Not Implemented

I did a netinstall and it fixed the problem. The web interface looks totally different. I guess the v6 has a new web interface but for some reason the previous installation/upgrade did not update the web portion.
by realdreams
Sun Sep 07, 2014 3:39 pm
Forum: General
Topic: winbox not correctly rendering with teamviewer on
Replies: 2
Views: 846

winbox not correctly rendering with teamviewer on

Image

This is the first time I see teamviewer causes another application to malfunction.
by realdreams
Mon Aug 25, 2014 8:48 am
Forum: General
Topic: RouterOS 6 webbox Error 501: Not Implemented
Replies: 2
Views: 4490

RouterOS 6 webbox Error 501: Not Implemented

On the router web admin page, all the images are 404 and attempts to log in to webbox leads to Error 501. I did an upgrade from 6.15 to 6.18 and it didnt fix the problem. This is on a RB750G. Is it caused by missing files? Any way to fix it without reinstallation?
by realdreams
Sat Jul 13, 2013 1:03 am
Forum: General
Topic: IP SLA for interface?
Replies: 0
Views: 1008

IP SLA for interface?

I am using a separate IPv6 interface (6in4 tunnel) for outbound ipv6 traffic. Is there a way to set up a tracker to remove the IPv6 static route if the link loses connectivity (tunnel endpoint not working). Right now if the tunnel goes down, computers still try to use IPv6 and traffic just get black...
by realdreams
Tue Jul 02, 2013 8:31 pm
Forum: Scripting
Topic: VPN Update
Replies: 1
Views: 1279

Re: VPN Update

Thanks. I have a pptp-client set up on RouterOS. So all I need to do is to change the parameters? #************************************************************************************************ # Parameters #******************************************************************************************...
by realdreams
Tue Jul 02, 2013 8:25 pm
Forum: General
Topic: feature request: connection retry interval
Replies: 5
Views: 3005

Re: feature request: connection retry interval

This is badly needed. If the vpn server fails, vpn client on RouterOS is just wasting resources/bandwidth and more importantly generating it generates so many repeated logs... and there is no log suppress feature on RouterOS as I know of.
by realdreams
Mon Jul 01, 2013 12:44 am
Forum: General
Topic: pptp to domain name instead of IP?
Replies: 1
Views: 950

pptp to domain name instead of IP?

Connect to only allows ip address. My pptp server uses DDNS so connect to IP doesn't work really well. Any solutions?
by realdreams
Wed Mar 27, 2013 10:10 am
Forum: General
Topic: IPv6 Route
Replies: 1
Views: 435

IPv6 Route

I have a sit interface on RouterOS and have a routed /48 I use for LAN. (tunnelbroker) HE_endpoint ---(sit1)RouterOS(LAN)---(f0/0)Cisco1(f0/1)---(f0/0)Cisco2 prefix63:1::/64 between RouterOS and Cisco1(f0/0) prefix63:2::/64 between Cisco1 and Cisco2(f0/1) Everything works on Cisco1 Cisco2 can ping C...
by realdreams
Mon Mar 25, 2013 11:15 pm
Forum: General
Topic: NAT Timer and Stateful Firewall Timer?
Replies: 4
Views: 1274

Re: NAT Timer and Stateful Firewall Timer?

What do you not understand? If you know how TCP/UDP/ICMP works, the values are self-explanatory. http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Connection_tracking If you don't even read the questions, why bother posting a reply? Which question does that wiki page answer? FFS the questions are ab...
by realdreams
Mon Mar 25, 2013 11:09 pm
Forum: General
Topic: Fragmented UDP traffic is blocked?
Replies: 0
Views: 1421

Fragmented UDP traffic is blocked?

I used the network diag tool here http://n2.netalyzr.icsi.berkeley.edu/ Basic UDP access is available. The client was unable to send fragmented UDP traffic. The most likely cause is an error in your network's firewall configuration or NAT. The maximum packet successfully sent was 1476 bytes of paylo...
by realdreams
Fri Mar 22, 2013 11:30 am
Forum: General
Topic: NAT Timer and Stateful Firewall Timer?
Replies: 4
Views: 1274

Re: NAT Timer and Stateful Firewall Timer?

You can find timing entries under /ip firewall connection tracking.
I read that before I asked... It was very confusing to me...
by realdreams
Mon Mar 18, 2013 3:39 pm
Forum: General
Topic: NAT Timer and Stateful Firewall Timer?
Replies: 4
Views: 1274

NAT Timer and Stateful Firewall Timer?

1. What is the default timer for NAT table and IP/IPv6 firewall established? Are they the same thing(I assume not because they have different position in the flow)? 2. IP/IPv6 firewall is iptables, ip6tables on Linux? 3. Which extension is used for connection state tracking? -m state --state ESTABLI...
by realdreams
Sat Mar 16, 2013 2:51 pm
Forum: General
Topic: webfig interface graph timestamp issue
Replies: 0
Views: 349

webfig interface graph timestamp issue

Version 6.0rc11 x86

The graph timestamp is totally off in webfig... time is properly configured and the graph is normal in winbox and /graph

Image